Page MenuHome GnuPG

TLS hostname selection uses insecure SRV data
Closed, ResolvedPublic


This is a security-impacting bug relating to verification of keyserver TLS

When chasing SRV records, in *insecure* DNS, GnuPG takes the hostname from the SRV
lookup and uses that, for libcurl, as the hostname to:
(1) pass in ServerNameIndication
(2) use for certificate verification

For testing purposes, "" is up and running with two different TLS
certificates available. One is from my own CA (cert and trust-details on That is used for a hostname of
"" and _most_ hostnames.

The second cert is configured to be used for " *.pool.sks-" (and the cert itself is for with subjectAltName

Using gnupg with "keyserver-options verbose,debug,ca-cert-file=..." and keyserver
pointing to various hostnames, I can see:

(1) using --keyserver=https://...anything... the path is dropped from the HTTP
request :(
(2) using --keyserver=hkps:// and ca-cert-file pointing to a file
containing globnixCA3.crt, things work
(3) using --keyserver=hkps:// the DNS SRV records are
used; with resolver manipulation (unbound-control in my case):

% unbound-control local_data SRV 10
10 443
% unbound-control local_data A

we have SRV being used (good!) but then passing as the hostname in
the handshake, which (1) selects the wrong cert and (2) will be verifying the TLS
cert against untrusted data, instead of the known-good hostname.

TLS certificate verification should not use untrusted data; a corollary is that the
ServerNameIndication, used by the server to select a cert, should specify the same
hostname than the client will be using for verification.

Event Timeline

Kristian has removed the SRV records at _pgpkey-https._tcp.hkps.sks-, so the explanation in step 3 might seem to not match reality, but
that's a change, because of this Issue and Issue1446.

If you set up your own DNS pool for testing, I'm happy to send you a CSR for a new
vhost to help with debugging.

Note that the topic is currently under discussion on gnupg-devel.

Note that this implies setting Host: properly as well

werner reopened this task as Open.
werner claimed this task.